Also, sharutils-4.2.1-1.5.2.i386.rpm isn't signed.
I noticed, that this problem (unsigned packages in updates) occurs quite often.
Do you think it would make sense to write a script that checks all the packages
submitted to updates for being properly signed?